how to use the dd command to check, and overwrite surplus sectors on a 120 GB hard drive

Disks, even though there is LBA addressing now, still secretly are read in sectors, cylinders, and heads. There are 63 sectors per cylinder, and 255 heads per cylinder. Then there is a total cylinder count for the disk. You multiply out 512x63x255=bytes per cylinder. 63x255=sectors per cylinder. With dd you usually want to work with sectors per cylinder. With 234441647 total sectors, and 16065 sectors per cylinder, you get some trailing sectors which do not make up an entire cylinder, 14593.317584812. This leaves you with 5102 sectors which cannot be partitioned because to be in a partition you have to be a whole cylinder. Part cylinders do not count. It's like having part of a person. That doesn't really count as a person. So, what happens to these sectors? They become surplus sectors after the last partition. This is a perfect place for sneaky programs to play, because you can't ordinarily read in there with an operating system. But, dd can.

It is really a good idea to check for anything writing to surplus sectors. For our Seagate 120 GB drive you subtract total sectors(234441647)-(5102) which don't make up a whole cylinder=234436545 partitionable sectors. Remember, native HDD sectors are 512, or 1b. If you don't specify “bs” in dd it defaults to 512.

dd if=/dev/sda of=/home/sam/myfile skip=234436545

This writes the last 5102 sectors to myfile. Launch “mc” to view the file. I swear, half the time Windows XP has left a weird, mutated MBR there. It like marks the disk for life that XP was there.

If there is something in there, you do not need it for anything. In this case you would write over it with random characters. Many digital rights management programs use surplus sectors to operate from, while enforcing DRM. These trojans, which are corporate trojans, are meant to enforce the security measures in copyrighted software. There are other various means to conceal such a trojan. One of these is a hidden partition. There is an undocumented type of partition which is called hidden. It is not visible to any operating system.
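An added example, not part of the original post: the surplus-sector arithmetic above as a read-only shell check that reports how many non-zero bytes sit in the trailing sectors of a device or image. The function names are assumptions of this example; the geometry (63 x 255 = 16065 sectors per cylinder, 512-byte sectors) is the post's.

```shell
#!/bin/sh
# Added example (not the poster's code). Function names are hypothetical.
# Geometry from the post: 63 sectors x 255 heads = 16065 sectors per cylinder.
SECTORS_PER_CYL=$((63 * 255))

# Trailing sectors that do not fill a whole cylinder. $1 = total sectors.
surplus_count() {
    echo $(( $1 % SECTORS_PER_CYL ))
}

# First sector of the surplus area (= number of partitionable sectors).
surplus_start() {
    echo $(( $1 - $1 % SECTORS_PER_CYL ))
}

# Count non-zero bytes in the surplus area. Opens the source read-only.
# $1 = device or image file, $2 = total sectors (512-byte units).
surplus_nonzero_bytes() {
    dd if="$1" bs=512 skip="$(surplus_start "$2")" \
       count="$(surplus_count "$2")" 2>/dev/null \
        | tr -d '\000' | wc -c | tr -d ' '
}

# Report only when called as: script <device-or-image> <total-sectors>
if [ "$#" -eq 2 ]; then
    echo "surplus area: $(surplus_count "$2") sectors from sector $(surplus_start "$2")"
    n=$(surplus_nonzero_bytes "$1" "$2")
    if [ "$n" -eq 0 ]; then
        echo "surplus sectors are all zero"
    else
        echo "surplus sectors hold $n non-zero bytes; dump them with dd to inspect"
    fi
fi
```

On Linux, `blockdev --getsz /dev/sda` reports the total in 512-byte sectors; reading a raw device needs root.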

Perhaps not unique, but something I've rarely come upon when reading CLI guides. A few useful bash shortcuts.
(^ being control, M being the meta, usually alt or esc)

^a - jump to beginning of line, handy e.g. when you just want to change the command but keep that 4 line filepath intact

^e - jump to ending of line, useful in similar situations

^r - reverse search of your command history, "I want to ssh back to the server I did last night" >> ^r <type ssh> "oops, not that one, the one before that" ^r "that's the one" <hit enter to execute right away>

M+. - So that would be alt+. if you don't get what I mean. It pastes the last argument of your last command executed. A very nifty command when you think of it, e.g.

Code:

ls -la /path/to/some/weird/partition/and/for/the/heck/of/it/wonderland/in/there/file.you.realy.need.mp3
# then we want to do something else to it, like move it.. and preferably not type the location again.. d:
mv <M.> /mnt/tmp/mp3/

Wasn't that nifty? (:

I use these every single day and so far have seen only one site that demonstrated their existence (if you don't count the bash man of course (;)

There are plenty more shortcuts for bash but either they're more cryptic, well documented and learned or useless imo (: